<?php
	
/* 
	
	dkpm - a DKP management system
	
	The contents of this file are subject to the Mozilla Public License
	Version 1.1 (the "License"); you may not use this file except in
	compliance with the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS"
	basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
	License for the specific language governing rights and limitations
	under the License.
	
	The Original Code is Copyright (C) 2007 Martin Wedvich. All Rights Reserved.
	
	-
	
	login.php
	This page is where users log in.

*/
	
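	// Bootstrap for the login page: mark the request as coming through an entry
	// script, open the session and pull in the shared helpers.
	// NOTE(review): the 'dkpm' constant is presumably checked by the included
	// files to refuse direct access - confirm in functions.php / framework.php.
	define('dkpm', true);
	session_start();
	
	require 'functions.php';
	require 'framework.php';
	
	// Page state. $loginstatus doubles as the CSS class of the form box further
	// down, so it must only ever hold one of the fixed values used in this file
	// ('generic', 'ok', 'failed') and never request data.
	$loginstatus = 'generic';
	$addtitle = '';
	$addcontent = '';
	
	// Already authenticated: nothing to do here. isset() keeps a fresh session
	// (no 'user' key yet) from raising undefined-index notices, which on a host
	// with display_errors enabled would also be printed before header().
	if(isset($_SESSION['user']['id']) && $_SESSION['user']['id'] > 0) {
		header('Location: index.php');
		exit;
	}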
	
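	// Handle a submitted login form. Both fields must be present AND be plain
	// strings: PHP turns "loginusername[]=x" into an array, which would
	// otherwise flow into the SQL and HTML string building below.
	$hasusername = isset($_POST['loginusername']) && is_string($_POST['loginusername']);
	$haspassword = isset($_POST['loginpassword']) && is_string($_POST['loginpassword']);
	
	if(!$hasusername || !$haspassword) {
		$addcontent = '
						<p class="botspace"><span class="header1">Login</span></p>';
	} else {
		// SECURITY: the username is request data and used to be concatenated
		// into the query unescaped (SQL injection on an unauthenticated page).
		// ext/mysql has no prepared statements, so escape with the
		// connection-aware helper. ext/mysql was removed in PHP 7; the durable
		// fix is moving this file to mysqli or PDO with bound parameters.
		$sql = mysql_query('SELECT user_id, username, user_password, user_email FROM dkpm_users WHERE username="' . mysql_real_escape_string($_POST['loginusername']) . '"');
		
		// A failed query returns false; treat it like "no such user" instead of
		// handing false to mysql_fetch_row().
		if($sql !== false && ($row = mysql_fetch_row($sql))) {
			// NOTE(review): validate_ssha() is defined elsewhere; confirm it
			// compares the stored hash in constant time.
			if(validate_ssha($row[2], $_POST['loginpassword'])) {
				// Issue a fresh session id at the privilege change so an id
				// that was set in the browser before login is not the one that
				// ends up authenticated (session fixation).
				session_regenerate_id(true);
				
				$_SESSION['user']['id'] = $row[0];
				$_SESSION['user']['name'] = $row[1];
				$_SESSION['user']['email'] = $row[3];
				
				// The original used "=" here, which assigned 'on' and made the
				// 30-day cookie unconditional. Only set it when the box was
				// actually ticked.
				if(isset($_POST['loginstay']) && $_POST['loginstay'] === 'on') {
					// HttpOnly keeps the token away from page scripts; Secure
					// is set whenever the request itself arrived over HTTPS.
					// NOTE(review): the cookie value is the live session id,
					// which is also stored in user_session below. A separate
					// random token, stored hashed, would limit what a leaked
					// cookie or database row is worth.
					$overhttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
					setcookie('dkpm', session_id(), time() + 60 * 60 * 24 * 30, '', '', $overhttps, true);
				}
				
				// One UPDATE instead of three. user_id is cast to int, and the
				// two string values are escaped: the session id is supplied by
				// the client, and get_client_ip() is defined elsewhere and may
				// derive its value from request headers - verify.
				$userid = (int) $row[0];
				mysql_query(
					'UPDATE dkpm_users SET user_last_login=NOW()'
					. ', user_last_ip="' . mysql_real_escape_string(get_client_ip()) . '"'
					. ', user_session="' . mysql_real_escape_string(session_id()) . '"'
					. ' WHERE user_id=' . $userid
				);
				
				$loginstatus = 'ok';
				$addtitle = ' successful';
				// The stored username is escaped for HTML on output; it was
				// chosen by a user at some point and is not trusted markup.
				$addcontent = '
						<p><span class="header1ok">Login successful</span></p>
						<p class="botspace"><span class="sub1ok">Welcome, ' . htmlspecialchars($row[1], ENT_QUOTES) . '!</span></p>';
			} else {
				$loginstatus = 'failed';
				$addtitle = ' failed';
				$addcontent = '
						<p><span class="header1failed">Login failed</span></p>
						<p class="botspace"><span class="sub1failed">The password was incorrect.</span></p>';
			}
		} else {
			$loginstatus = 'failed';
			$addtitle = ' failed';
			// SECURITY: the submitted username is echoed back, so it must be
			// HTML-escaped (it was reflected raw before).
			// NOTE(review): this message and the "password was incorrect" one
			// above tell a visitor whether an account name exists. A single
			// generic failure message plus attempt throttling would close that.
			$addcontent = '
						<p><span class="header1failed">Login failed</span></p>
						<p class="botspace"><span class="sub1failed">No users with the name "' . htmlspecialchars($_POST['loginusername'], ENT_QUOTES) . '" exist.</span></p>';
		}
	}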
	
	// Assemble the page. $addtitle is '', ' successful' or ' failed';
	// $loginstatus is also the CSS class of the form box. $addcontent is
	// inserted as raw HTML, so whatever builds it has to escape any request or
	// database values it embeds.
	$title = 'dkpm &raquo; Login' . $addtitle;
	
	// Shared wrapper around both variants of the box.
	// NOTE(review): the form posts credentials without an anti-CSRF token;
	// whether framework_exec() adds one is not visible from this file.
	$boxopen = '<div id="formbox" class="' . $loginstatus . '">
					<form name="loginform" method="post" action="login.php">' . $addcontent;
	$boxclose = '
					</form>
				</div>';
	
	if($loginstatus == 'ok') {
		// Logged in: only a link back to the index.
		$boxinner = '
						<a href="index.php" title="Return to index">Return to index</a>.';
	} else {
		// Not logged in (first visit or failed attempt): show the input fields.
		$boxinner = '
						<p>Username</p>
						<p><input name="loginusername" type="text" maxlength="16" /></p>
						<p>Password</p>
						<p><input name="loginpassword" type="password" maxlength="16" /></p>
						<p class="topspace"><input name="loginstay" type="checkbox" checked="on" />Remember me</p>
						<p><span class="dark">Stay logged in for 30 days, or until you manually log out</span></p>
						<p class="topspace">
							<input type="submit" value="Login" /><input type="reset" value="Reset" />
						</p>';
	}
	
	$content = $boxopen . $boxinner . $boxclose;
	
	// Hand title and body to the shared page renderer.
	framework_exec($title, $content);

?>